What Is Destructive Malware?

The term “destructive malware” sounds redundant, like “serious crisis” or “end result.” In fact, it is the latest advancement in malware: it uses the already cunning ways in which polymorphic malware enters and hides within a computing device, then downloads a payload that will destroy your network and data with military-like precision. So, what is it?

US-CERT (United States Computer Emergency Readiness Team) describes destructive malware as having: the capability to target a large scope of systems, and… potentially execute across multiple systems throughout a network. As a result, it is important for an organization to assess its environment for atypical channels for potential malware delivery and/or propagation throughout their systems.

Shamoon, the first version of destructive malware that can be broadly applied to civilian environments, was first spotted in the wild in 2012, when nation-state perpetrators, allegedly Iran, destroyed 35,000 Saudi Aramco workstations and put the energy company’s supply of 10 percent of the world’s oil in jeopardy. US-CERT described Shamoon as “an information-stealing malware that also includes a destructive module… render[ing] infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable.”
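
The overwrite described above leaves a recognizable trace in sector 0 of a disk image. The following triage check is an added example, not code from US-CERT or from the original article; the function names, the entropy threshold and both sample sectors are assumptions constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector
ENTROPY_LIMIT = 7.0           # assumed threshold, in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 7.6 for 512 random bytes, much lower for boot code."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_mbr(sector: bytes) -> list:
    """Return findings for one 512-byte sector; an empty list means it looks sane."""
    if len(sector) != 512:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        sectors = struct.unpack_from("<I", entry, 12)[0]
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype != 0 and sectors == 0:
            findings.append(f"partition {i}: type set but zero length")
    if shannon_entropy(sector) > ENTROPY_LIMIT:
        findings.append("sector entropy is close to random data")
    return findings

def sample_healthy_mbr() -> bytes:
    """Constructed sample: empty boot code area, one bootable type 0x07 (NTFS) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return bytes(446) + entry + bytes(48) + BOOT_SIGNATURE

def sample_overwritten_sector() -> bytes:
    """Constructed sample: 512 pseudo-random bytes standing in for a wiped MBR."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for name, sector in [("healthy", sample_healthy_mbr()),
                         ("overwritten", sample_overwritten_sector())]:
        print(name, check_mbr(sector) or "no findings")
```

A GPT disk's protective MBR (one entry of type 0xEE plus the boot signature) also passes these checks, so the same function can be run across mixed fleets of disk images.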

Looking to understand how the latest destructive malware is evolving to hide from other defenses? Read more about it in Cyber Threats on a Path to Destruction, our free, comprehensive guide to understanding those threats and how supervised machine learning is the key to detecting future threats.

What Is Destructive Malware? was last modified: July 31st, 2017 by Micheal Mullen